Hey, can you help me with something? My friend is infected; he didn’t install any antivirus in the first place.
Then he used Avast Boot Scan and removed the following. He’ll be posting his logs in this thread.
File C:\WINDOWS\system32\ckvo0.dll is infected by Win32:Gamona [Trj], Deleted
File C:\WINDOWS\system32\kavo.exe is infected by Win32:Kavos [Trj], Deleted
File C:\WINDOWS\system32\kavo0.dll is infected by Win32:Kavos [Trj], Deleted
File C:\WINDOWS\system32\XP-F6C310FA.EXE is infected by Win32:Rootkit-gen [Rtk], Deleted
Number of searched folders: 3371
Number of tested files: 43876
Number of infected files: 128
Other infections of the 128 > All Win32:Kavos [Trj] Infected at File C:\System Volume Information\_restore{
[*]Double-click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
1) You are using an outdated Windows XP Service Pack. A newer service pack [Service Pack 3] is available at Microsoft Updates.
2) You are either not using a firewall or using a firewall with no Outbound protection. You may install a firewall with Outbound Protection like PCTools Firewall, Agnitum Outpost or Online Armor.
3) I suggest you install CCleaner and use its Registry Cleaner to remove remnants of uninstalled software, like:
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
4) O4 - Startup: PPS.lnk = C:\Program Files\PPStream\PPStream.exe
This has been reported to be an info stealer. Much like a risktool. PrevX
5) O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKLM\..\Run: [XP-F6C310FA] C:\WINDOWS\system32\XP-F6C310FA.EXE
O4 - Startup: .lnk = C:\WINDOWS\system32\XP-F6C310FA.EXE
You still have Kavo in your PC. Better install Malwarebytes Antimalware to remove other infections. Don’t forget to update before using MBAM.
I would suggest allowing avast to send all the infected restore points to the chest, but since there are so many it may be best just to clear out all restore points and start from square one.
The only really effective way to clean infected _restore points is to disable system restore and reboot. This will clear ALL _restore points. Once you have disabled system restore, reboot, scan your PC again and if clear enable system restore.
Windows ME, XP, Vista - How to disable System Restore
The header information in the HJT log is important too and shouldn’t be edited out.
I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.
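
Added example, not part of the original thread or any poster's own code: a short Python sketch of the cross-check done by eye in the replies above, matching HijackThis O4 autorun lines against the files the Avast boot scan reported. The log lines are the ones quoted in this thread; the function names are made up for this example, and the O4 pattern also accepts the `HKCU..\Run` spelling that forum software sometimes produces.

```python
import re

# Lines copied from the logs quoted in this thread (registry locations written
# in HijackThis's usual "HKCU\..\Run" form).
AVAST_LOG = r"""
File C:\WINDOWS\system32\ckvo0.dll is infected by Win32:Gamona [Trj], Deleted
File C:\WINDOWS\system32\kavo.exe is infected by Win32:Kavos [Trj], Deleted
File C:\WINDOWS\system32\kavo0.dll is infected by Win32:Kavos [Trj], Deleted
File C:\WINDOWS\system32\XP-F6C310FA.EXE is infected by Win32:Rootkit-gen [Rtk], Deleted
"""
HJT_LOG = r"""
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O4 - Startup: PPS.lnk = C:\Program Files\PPStream\PPStream.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKLM\..\Run: [XP-F6C310FA] C:\WINDOWS\system32\XP-F6C310FA.EXE
O4 - Startup: .lnk = C:\WINDOWS\system32\XP-F6C310FA.EXE
"""

AVAST_RE = re.compile(r"^File (?P<path>.+?) is infected by (?P<name>.+?), \w+$")
O4_RE = re.compile(r"^O4 - (?P<where>HK(?:CU|LM)\\?\.\.\\Run|(?:Global )?Startup): (?P<rest>.+)$")

def detected_files(avast_log):
    """Map lower-cased file path -> detection name from Avast scan lines."""
    found = {}
    for line in avast_log.splitlines():
        m = AVAST_RE.match(line.strip())
        if m:
            found[m.group("path").lower()] = m.group("name")
    return found

def parse_o4(line):
    """Return (location, entry name, target) for an O4 autorun line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    # Run keys look like "[name] command"; Startup items look like "name = target".
    shape = r"\[(.*?)\]\s+(.+)" if m.group("where").endswith("Run") else r"(.*?)\s+=\s+(.+)"
    n = re.match(shape, m.group("rest"))
    return (m.group("where"), n.group(1), n.group(2)) if n else None

def leftover_autoruns(avast_log, hjt_log):
    """List autoruns whose target is a file the scanner already flagged."""
    flagged = detected_files(avast_log)
    hits = []
    for entry in filter(None, map(parse_o4, hjt_log.splitlines())):
        for path, name in flagged.items():
            if path in entry[2].lower():
                hits.append(entry + (name,))
    return hits

if __name__ == "__main__":
    for where, name, target, detection in leftover_autoruns(AVAST_LOG, HJT_LOG):
        print(f"{where}: [{name}] -> {target} ({detection})")
```

An autorun entry that still points at a file the scanner deleted means the persistence reference survived the cleanup, so it is worth re-scanning and confirming the entry is gone in a fresh HijackThis log.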